In this tutorial, we will see how to easily find all users that have been granted a specific role in MongoDB with MongoChef.
In MongoDB, users are defined for specific databases. Each user is then assigned a number of roles that in turn define the user’s privileges.
While MongoDB’s API makes it trivial to list all roles that a particular user has been granted, there is unfortunately no easy way for the reverse case where you want to find all users that have been granted a particular role, i.e. the role’s grantees.
Luckily, MongoChef makes it very easy to find those users.
List MongoDB Roles
First off, connected to your MongoDB server as a user that has sufficient privileges to manage users and roles.
Then, simply select the database that contains the role for which you want to find all grantees, and click the “Roles” icon in the toolbar.
Inspect Selected MongoDB Role
This will open the roles management tab for this database. Here, you can see all the built-in and user-defined roles created for the database.
Now, simply select the role for which you want to see all the users that have been granted that role. In our case, that is the user-defined role “rwAdmin”.
Then click the “Edit” button.
This opens the edit dialog for the select role.
By default, In the “Granted To” tab, you can see all grantees from the same database that the role is defined in.
In our case, that is natalie, paul, peter, and richard.
If you want to see all users from all databases that have been granted role “rwAdmin”, click the “Refresh for all DBs” button.
That’s it! You can now see all users from all databases that have been granted the role “rwAdmin” on our database “test”.
Modify MongoDB Role
In this view, you can now even conceptually add new users to this role. For this, click the “Add” button.
In the new dialog, you can choose users from any database that you want to add to the role. Of course, users in MongoDB are not really added to a role. Rather, under the hood, the selected users will be granted the role instead. Click “Add” to add the selected users.